NETSEC-GENERALIST Question #39: Real Exam Question with Answer & Explanation

Question

A firewall administrator wants to segment the network traffic and prevent noncritical assets from being able to access critical assets on the network. Which action should the administrator take to ensure the critical assets are in a separate zone from the noncritical assets?

Options

• ACreate a deny Security policy with "any" set for both the source and destination zones.
• BCreate an allow Security policy with "any" set for both the source and destination zones.
• CLogically separate physical and virtual interfaces to control the traffic that passes across the
• DAssign a single interface to multiple security zones.

Explanation

To properly segment network traffic and prevent noncritical assets from accessing critical assets, the best practice is to logically separate traffic using different physical or virtual interfaces. Why Logical Separation of Interfaces is the Correct Answer? Creates Secure Network Segmentation Firewalls can assign critical and noncritical assets to separate security zones. Traffic between security zones is explicitly controlled via Security Policies. Allows Granular Security Control Critical assets (e.g., databases, financial systems) can be placed in a high-security zone. Noncritical assets (e.g., guest networks, IoT devices) can be placed in a lower-security zone. Enhances Network Performance and Compliance Reduces attack surface by limiting access between critical and noncritical assets. Ensures regulatory compliance (e.g., PCI-DSS, HIPAA) by isolating sensitive systems.

No community discussion yet for this question.